On Fri, Jan 30, 2015 at 1:21 PM, Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote: >> What's the actual, real world, >> non-imaginary impetus behind the change? > > It's exactly what all the list posts I pointed you to say it is. Please go find quotes because I just went through them all and I found: "Better security is always a plus." "Instead I propose that we increase our minimum password..." "In principle I don't disagree with it; But IMO it can not be a replacement to stronger defaults." And that's it. No actual reasons, let alone any data to back it up. And all three of those statements have flaws which I've already addressed. > I > don't know how to stop the conspiracy virus which causes people to > leap to the conclusion that there's some shadowy secret motive behind > every change they don't like, but there *isn't*. I don't know how to stop your conspiracy virus from leaping to the conclusion I was thinking there's a secret motive. I'm actually, literally asking the question, what is the *real world* impetus behind the change? That is not rhetorical. I want facts. I want data. Not hand waivy opinions like "better security is a plus" I want to know exactly what the attack vector is being mitigated here and how common it is. Otherwise it is exactly as I've stated, it's a solution in search of a problem, a problem that by the way the $18 billion target on its back doesn't seem to think is such a big problem seeing as its devices without passwords are regularly used on public encrypted wifi and the world is not ending. What conspiracy are we avoiding with this password change? Where's the threat? Why is voluntary compliance inadequate? Have we done our absolute best to achieve voluntary compliance with stronger passwords? Why do we distrust user's ability to choose their own passwords for their own use case? I just don't see any consideration here except specious statements like better security is always a plus. That was the summary extent of the entire decision making process. -- Chris Murphy -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
